image protection in asp.net application

i have asp.net application , in one page it is showing one model image if u do right click开发者_开发百科 on image and view image it shows of path where it is stored using image id,so people can see other image also how to avoid this.

Here is some example code for using an ASHX file to retrieve DB images

<%@ webhandler language="C#" class="NWEmpPhotoHandler" %>
using System; 
using System.Web; 
using System.Data; 
using System.Data.SqlClient; 
public class NWEmpPhotoHandler : IHttpHandler 
{ 
    public bool IsReusable { get { return true; } } 

    public void ProcessRequest(HttpContext ctx) 
    { 
        string id = ctx.Request.QueryString["id"]; 

        SqlConnection con = new SqlConnection(<<INSERT CONNECTION STRING HERE>>); 
        SqlCommand cmd = new SqlCommand("SELECT Photo FROM Employees WHERE EmployeeID = @EmpID", con); 
        cmd.CommandType = CommandType.Text; 
        cmd.Parameters.Add("@EmpID", id); 

        con.Open(); 
        byte[] pict = (byte[])cmd.ExecuteScalar(); 
        con.Close(); 

        ctx.Response.ContentType = "image/bmp"; 
        ctx.Response.OutputStream.Write(pict, 78, pict.Length - 78); 
    } 
} 

You should be able to adapt it to load the file from disk.

In short: you can't. Your client browser needs to know where that image is located, so it can be downloaded and rendered.

But you have an option: you can to place that images into a folder where just authenticated users can access. So, you'll need to build that functionality into your website. Isn't that hard: Introduction to Membership

It sounds like what you're after is image hotlinking protection, also known as inline-linking or deep linking etc.

The general method of achieving this is usually to write your own HTTP Module (or HTTP Handler) that effectively intercepts the request/response pipeline, and when an image is needed to be displayed to the browser, the HTTP handler/module outputs, usually byte-by-byte, the image files contents to the response stream sent from the web server to the client web browser.

Try these resources:

Stopping hot-linking with IIS and ASP.NET

ASP.Net HTTP Module to Prevent Deep Linking